Overview of Android’s First Critical Vulnerability
Google warns of a critical vulnerability affecting Android devices, specifically phones running Android 13, Android 14 (now known as Pixel), Android 15, and in theory, Android 16. The vulnerability, CVE-2024-53104, targets the Android Linux kernel and inadvertently allows excessive handling of large media files. This exploit could cause unintended out-of-bounds memory issues, destabilizing devices and apps. While exact details on how this vulnerability is exploited remain unknown, it has been implicated by external USB devices plugged into smartphones, suggesting that forensic extraction tools may be used in similar ways by law enforcement or third parties.
Pixel and similar devices, which heavily rely on Android, have already embraced this vulnerability, implying that the security update for Android 15, which already fixes this issue, may have been distributed to them shortly after discoverability. The update, which was designed and released in May 2024, coincided with February’s Android Monthly Security Update (AMSE) release. By February 25th, users should update their devices to AMSE 15.2 as soon as possible, given that the fix is relatively fast and available for Pixel hardware. For non-Pixel models, the same level of speed was achieved. However, other key vulnerabilities, such as SERVICE-SEMANTIC-PROTECTION and RE亲密ATION, are still pending further analysis.
… continue with the rest of the summary …
